Merge pull request #2 from cloud-gov/add-base-files

add base files to the repo

.github/pull_request_template.md

@@ -0,0 +1,14 @@
+## Changes proposed in this pull request:
+
+-
+-
+-
+
+## Things to check
+
+- For any logging statements, is there any chance that they could be logging sensitive data?
+- Are log statements using a logging library with a logging level set? Setting a logging level means that log statements "below" that level will not be written to the output. For example, if the logging level is set to `INFO` and debugging statements are written with `log.debug` or similar, then they won't be written to the otput, which can prevent unintentional leaks of sensitive data.
+
+## Security considerations
+
+[Note the any security considerations here, or make note of why there are none]

.github/workflows/security-considerations.yml

@@ -0,0 +1,11 @@
+name: Security Considerations Workflow
+
+on:
+  pull_request:
+    types: [opened, edited, reopened]
+
+jobs:
+  security-considerations:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: cloud-gov/security-considerations-action@main

.gitignore

@@ -0,0 +1,224 @@
+# General Files
+*.log
+*.tmp
+*.bak
+*.swp
+*.swo
+.DS_Store
+Thumbs.db
+Desktop.ini
+._*
+.Trashes
+.Spotlight-V100
+.TemporaryItems
+.Trash-*
+*.pid
+*.pid.lock
+*.seed
+*.db
+*.dbmdl
+*.tlog
+*.tmproj
+*.tmp_proj
+*.un~
+*.user
+*.userosscache
+*.userprefs
+*.vbproj.user
+*.vssscc
+*.vspscc
+*.suo
+*.cache
+*.csproj.user
+*.sln.docstates
+*.iws
+
+# Byte-compiled / Optimized / DLL files
+__pycache__/
+*.py[cod]
+*$py.class
+*.so
+
+# Distribution / Packaging
+.Python
+build/
+develop-eggs/
+dist/
+downloads/
+eggs/
+.eggs/
+lib/
+lib64/
+parts/
+sdist/
+var/
+wheels/
+*.egg-info/
+.installed.cfg
+*.egg
+
+# Virtual Environments
+.env
+.venv
+env/
+venv/
+ENV/
+env.bak/
+venv.bak/
+
+# IDE / Editor Configurations
+/.idea/
+*.iml
+/.vscode/
+*.code-workspace
+*.sublime-project
+*.sublime-workspace
+/.vs/
+/.atom/
+/.eclipse/
+/.netbeans/
+/.intellij/
+/.jbuilder/
+/.rubymine/
+/.mine/
+/.textmate/
+/.vim/
+/.emacs.d/
+*.sw*
+
+# Security - Sensitive files
+*.pem
+*.key
+*.crt
+*.csr
+*.gpg
+*.asc
+.secret
+*.vault
+*.token
+*.apikey
+*.credentials
+secrets.yml
+credentials.yml
+config/dev.yml
+config/private.yml
+
+# Dependency Directories
+/node_modules/
+/bower_components/
+/.jekyll-cache/
+/vendor/
+
+# Go specific
+/bin/
+/pkg/
+*.o
+*.a
+*.out
+**/vendor/
+Gopkg.lock
+Gopkg.toml
+go.sum
+go.mod
+
+# Binaries for programs and plugins
+*.exe
+*.exe~
+*.dll
+*.so
+*.dylib
+
+# Test binary, built with `go test -c`
+*.test
+
+# Output of the go coverage tool, specifically when used with LiteIDE
+*.out
+
+# Ruby specific
+/.bundle/
+/.yardoc
+/_yardoc/
+/coverage/
+/doc/
+/pkg/
+/spec/reports/
+/tmp/
+*.gem
+*.rbc
+.capistrano/
+.rspec
+.ruby-version
+.ruby-gemset
+# Ignore Byebug command history file.
+.byebug_history
+
+# Cloud Foundry specific
+manifest.yml
+manifest-*.yml
+*.env
+*.vars.yml
+*.vars-*.yml
+/deployments/
+
+# BOSH specific
+*.release
+/releases/
+/dev_releases/
+/.dev_builds/
+/blobs/
+/config/
+/private.yml
+*.tgz
+
+# Concourse specific
+/fly-*
+/concourse-*
+/pipelines/
+/tasks/
+/groups/
+/resources/
+
+# Logs, Databases, and Configuration Files
+*.log
+*.sql
+*.sqlite
+*.sqlite3
+/log/
+*.env*
+**/log/*.log
+**/log/*.log*
+
+# OS Generated Files
+.DS_Store
+.DS_Store?
+.Spotlight-V100
+.Trashes
+ehthumbs.db
+Thumbs.db
+
+# Build Artifacts and Directories
+/dist/
+/tmp/
+/out/
+/build/
+/target/
+/coverage/
+/Release/
+/Debug/
+/x64/
+/x86/
+*.lock
+*.DS_Store
+*.tgz
+/.terraform/
+
+# Certificates and Keys
+*.csr
+*.crt
+*.key
+*.pem
+*.pfx
+
+# System and Miscellaneous
+$RECYCLE.BIN/
+$tf/

CODEOWNERS

@@ -0,0 +1 @@
+* @cloud-gov/cloud-gov-team

CONTRIBUTING.md

@@ -0,0 +1,17 @@
+# Welcome
+
+We're so glad you're thinking about contributing to a [open source project of the U.S. government](https://code.gov/)! If you're unsure about anything, just ask -- or submit the issue or pull request anyway. The worst that can happen is you'll be politely asked to change something. We love all friendly contributions.
+
+We encourage you to read this project's CONTRIBUTING policy (you are here), its [LICENSE](LICENSE.md), and its [README](README.md).
+
+## Policies
+
+We want to ensure a welcoming environment for all of our projects. Our staff follow the [TTS Code of Conduct](https://18f.gsa.gov/code-of-conduct/) and all contributors should do the same.
+
+We adhere to the [18F Open Source Policy](https://github.com/18f/open-source-policy). If you have any questions, just [shoot us an email](mailto:[email protected]).
+
+As part of a U.S. government agency, the General Services Administration (GSA)’s Technology Transformation Services (TTS) takes seriously our responsibility to protect the public’s information, including financial and personal information, from unwarranted disclosure. For more information about security and vulnerability disclosure for our projects, please read our [18F Vulnerability Disclosure Policy](https://18f.gsa.gov/vulnerability-disclosure-policy/).
+
+## Public domain
+
+This project is in the public domain within the United States, and copyright and related rights in the work worldwide are waived through the [CC0 1.0 Universal public domain dedication](https://creativecommons.org/publicdomain/zero/1.0/).

LICENSE.md

@@ -0,0 +1,21 @@
+# License
+
+As a work of the [United States government](https://www.usa.gov/), this project is in the public domain within the United States of America.
+
+Additionally, we waive copyright and related rights in the work worldwide through the CC0 1.0 Universal public domain dedication.
+
+## CC0 1.0 Universal Summary
+
+This is a human-readable summary of the [Legal Code (read the full text)](https://creativecommons.org/publicdomain/zero/1.0/legalcode).
+
+### No Copyright
+
+The person who associated a work with this deed has dedicated the work to the public domain by waiving all of their rights to the work worldwide under copyright law, including all related and neighboring rights, to the extent allowed by law.
+
+You can copy, modify, distribute, and perform the work, even for commercial purposes, all without asking permission.
+
+### Other Information
+
+In no way are the patent or trademark rights of any person affected by CC0, nor are the rights that other persons may have in the work or in how the work is used, such as publicity or privacy rights.
+
+Unless expressly stated otherwise, the person who associated a work with this deed makes no warranties about the work, and disclaims liability for all uses of the work, to the fullest extent permitted by applicable law. When using or citing the work, you should not imply endorsement by the author or the affirmer.

SECURITY.md

@@ -0,0 +1,17 @@
+**Reporting Security Issues**
+
+Please refrain from reporting security vulnerabilities through public GitHub issues.
+
+Instead, kindly report them via the information provided in [cloud.gov's security.txt](https://cloud.gov/.well-known/security.txt).
+
+When reporting, include the following details (as much as possible) to help us understand the nature and extent of the potential issue:
+
+- Type of issue (e.g., buffer overflow, SQL injection, cross-site scripting, etc.)
+- Full paths of related source file(s)
+- Location of affected source code (tag/branch/commit or direct URL)
+- Any special configuration required to reproduce the issue
+- Step-by-step instructions to reproduce the issue
+- Proof-of-concept or exploit code (if available)
+- Impact of the issue, including potential exploitation by attackers
+
+Providing this information will facilitate a quicker triage of your report.